ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool spwebmember

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: spwebmember

Namesspwebmember
CategoryTools
TypeInfo stealer
Description(NCC Group) spwebmember was written in Microsoft .NET and includes hardcoded values for client project names for data extraction. The tool would connect to the SQL SharePoint database and issue a query to dump all data from the database to a temporary file affixed with 'spdata'.
Information<https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/>
MITRE ATT&CK<https://attack.mitre.org/software/S0227/>

Last change to this tool card: 22 April 2020

Download this tool card in JSON format

Previous: SprySOCKS
Next: SpyC23

All groups using tool spwebmember

ChangedNameCountryObserved

APT groups

 Ke3chang, Vixen Panda, APT 15, GREF, Playful DragonChina2010-Late 2022 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]